summaryrefslogtreecommitdiffstats
path: root/security/nss/doc/certutil.xml
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/doc/certutil.xml')
-rw-r--r--security/nss/doc/certutil.xml16
1 files changed, 13 insertions, 3 deletions
diff --git a/security/nss/doc/certutil.xml b/security/nss/doc/certutil.xml
index 461b21389..4622c75e4 100644
--- a/security/nss/doc/certutil.xml
+++ b/security/nss/doc/certutil.xml
@@ -84,11 +84,11 @@
<varlistentry>
<term>-F</term>
- <listitem><para>Delete a private key from a key database. Specify the key to delete with the -n argument. Specify the database from which to delete the key with the
-<option>-d</option> argument. Use the <option>-k</option> argument to specify explicitly whether to delete a DSA, RSA, or ECC key. If you don't use the <option>-k</option> argument, the option looks for an RSA key matching the specified nickname.
+ <listitem><para>Delete a private key and the associated certificate from a database. Specify the key to delete with the -n argument. Specify the database from which to delete the key with the
+<option>-d</option> argument.
</para>
<para>
-When you delete keys, be sure to also remove any certificates associated with those keys from the certificate database, by using -D. Some smart cards do not let you remove a public key you have generated. In such a case, only the private key is deleted from the key pair. You can display the public key with the command certutil -K -h tokenname. </para></listitem>
+Some smart cards do not let you remove a public key you have generated. In such a case, only the private key is deleted from the key pair.</para></listitem>
</varlistentry>
<varlistentry>
@@ -456,6 +456,16 @@ of the attribute codes:
</varlistentry>
<varlistentry>
+ <term>--pss</term>
+ <listitem><para>Restrict the generated certificate (with the <option>-S</option> option) or certificate request (with the <option>-R</option> option) to be used with the RSA-PSS signature scheme. This only works when the private key of the certificate or certificate request is RSA.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>--pss-sign</term>
+ <listitem><para>Sign the generated certificate with the RSA-PSS signature scheme (with the <option>-C</option> or <option>-S</option> option). This only works when the private key of the signer's certificate is RSA. If the signer's certificate is restricted to RSA-PSS, it is not necessary to specify this option.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>-z noise-file</term>
<listitem><para>Read a seed value from the specified file to generate a new private and public key pair. This argument makes it possible to use hardware-generated seed values or manually create a value from the keyboard. The minimum file size is 20 bytes.</para></listitem>
</varlistentry>
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-26 09:47:32 +0000